Open sophiii opened 7 years ago
How would the dapp request a massive IPFS file, where can the user enter this IPFS hash?
Probably when restoring an IPFS backup? Or, since the dapp is client side, manually requesting it from the IPFS gateway.
Can we use iron-ajax to make a GET request to /api/v0/file/ls?arg={{ipfs-path}} to get the file size before making a request for the file?
Or someone can upload an mp4 movie as a profile picture. I am not sure about the fix.
In https://github.com/swarmcity/sc-boardwalk/blob/master/src/sc-ipfs/sc-ipfs.html we could count how many buffers we have read in cat.
Hopefully IPFS has a way to check file size before download.
Have you tried to upload an mp4 as a profile pic? If it causes an issue, maybe a new issue is best.
I agree. But a malicious actor could bypass the user interface checking and upload a large file as their profile picture. This can then crash the dapp.
Actual behavior: Right now if the dapp requests an IPFS file that is 1000 GB it will start downloading it and keep going until the dapp crashes.
Expected behavior: IPFS should only allow downloading files less than 5 MB. It should fail once 5MB is breached.
Steps to reproduce the problem: In file https://github.com/swarmcity/sc-boardwalk/blob/master/src/sc-ipfs/sc-ipfs.html you can see that `cat` keeps downloading until then. To reproduce you will need to find the IPFS hash that is really big. Create a `Hashtag` with but instead of passing `_metadataHash` you pass an IPFS hash. Then get the dapp to load that Hashtag.
Outcome: This will crash the dapp whenever people try and load this hashtag. I am unsure about the severity here but it's something we need to be careful about.
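The byte-counting idea raised in the thread, as an added example that is not code from sc-boardwalk or from any participant: the read is cut off as soon as the running total passes the 5 MB limit, whatever size the file claims to be. It assumes the IPFS read is exposed as an async iterable of `Uint8Array` chunks; `createCappedCollector`, `readCapped`, `SizeLimitError` and `endlessSource` are hypothetical names, and the endless source is constructed test input.

```javascript
// Added example, not code from sc-boardwalk.
const MAX_BYTES = 5 * 1024 * 1024; // the 5 MB limit proposed in the issue

class SizeLimitError extends Error {
  constructor(seen, max) {
    super(`download aborted: ${seen} bytes exceeds limit of ${max}`);
    this.name = 'SizeLimitError';
  }
}

// Collects chunks; push() throws as soon as the running total would pass the
// cap, so the chunk that crosses the limit is never buffered.
function createCappedCollector(maxBytes = MAX_BYTES) {
  let chunks = [];
  let total = 0;
  return {
    push(chunk) {
      const next = total + chunk.byteLength;
      if (next > maxBytes) {
        chunks = []; // drop what was buffered so it can be garbage collected
        total = 0;
        throw new SizeLimitError(next, maxBytes);
      }
      chunks.push(chunk);
      total = next;
    },
    bytes() {
      const out = new Uint8Array(total);
      let offset = 0;
      for (const c of chunks) { out.set(c, offset); offset += c.byteLength; }
      return out;
    },
  };
}

// Drains an async iterable of Uint8Array chunks (assumed shape of the read).
// Leaving the loop by throwing also calls the iterator's return(), which
// lets a well-behaved source stop fetching.
async function readCapped(source, maxBytes = MAX_BYTES) {
  const collector = createCappedCollector(maxBytes);
  for await (const chunk of source) collector.push(chunk);
  return collector.bytes();
}

// Constructed input: a source that never ends, standing in for a huge file.
async function* endlessSource(chunkBytes) {
  while (true) yield new Uint8Array(chunkBytes);
}
```

Because the cap is enforced on bytes actually received, it still holds when the size reported ahead of the download is missing or wrong.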